security
11 Topics

Azure Defender for IoT Raw-Data and ICS MITRE ATT&CK Matrix Mapping via Azure Sentinel
A series of major cyberattacks across industries served as a wake-up call that the traditional “air-gapped” model for OT cybersecurity had become outdated in the era of IT/OT convergence and initiatives such as Smart Manufacturing and Smart Buildings. And the IoT and Industrial Internet of Things (IIoT) are only getting bigger. Analysts predict we’ll have billions of IoT devices connected worldwide in a few years, drastically increasing the surface area for attacks. By incorporating agentless technology from Microsoft, Azure Defender for IoT enables IT and OT teams to identify critical vulnerabilities and detect threats using IoT/OT-aware behavioral analytics and machine learning, all without impacting availability or performance. We will detail in this blog post how to ingest Azure Defender for IoT Raw-Data to Azure Sentinel and cover the ICS MITRE ATT&CK matrix via analytics rules!

Azure Defender for IoT is now in public preview
Azure Defender for IoT is now available in public preview for on-premises deployments, with the option of connecting securely to Azure Sentinel to eliminate IT/OT silos and provide a unified view of threats across both IT and OT environments. It also integrates out-of-the-box with third-party tools like Splunk, IBM QRadar, and ServiceNow.
53K Views, 5 likes, 3 Comments

Designing a Robust Defense for Operational Technology Using Azure Defender for IoT
Operational Technology presents many special challenges from a security perspective. The most effective way to improve security is to monitor and analyze network traffic. Since this can be done non-intrusively in most circumstances, it flies 'below the radar' of the OT traffic and can provide valuable insights into network design, assets, machine configuration and potential threats. As a control system engineer, I designed, commissioned and refined complex Distributed Control and Programmable Logic control systems used in power production for many years. Gradually my role transitioned to one of securing these systems from cyber attack. In a large public utility, I developed the strategy and implemented the changes necessary to make this possible. I hope you find my insights valuable and actionable. I would love to hear from you; e-mail me at v-henrysierk@microsoft.com
17K Views, 7 likes, 0 Comments

How to Gain More from your Connection to an OT Network
Attempting to improve OT security without accurate device inventories, firmware revisions, and network maps is not effective. One of the most productive and non-intrusive tools in the Cyber Security Engineer’s bag is network intrusion detection. But how can we implement this kind of system without causing any bumps in the road for the real-time processes?
15K Views, 4 likes, 3 Comments

Public Preview Announcement: OT-Enabled SOC with Microsoft Sentinel and Defender for IoT
We are excited to announce the public preview of our Defender for IoT solution for Microsoft Sentinel. With this solution, Microsoft Sentinel delivers the first in the industry native SOC experience for IT and OT environments

Microsoft Defender for IoT for Device Builders in Public Preview
We would like to introduce you to our latest Public Preview: Microsoft Defender for IoT's embedded security capabilities for device builders and solution operators, which will empower them to create and manage secure-by-design IoT devices.
8.6K Views, 2 likes, 0 Comments

Introducing Single Sign-On (SSO) for Sensor Console: Enhanced Security and Streamlined Access
We are excited to announce that Single Sign-On (SSO) is now available for the sensor console! This new feature streamlines the login process by using Entra ID, enhancing security and convenience for all users.
2.1K Views, 0 likes, 0 Comments